Electronic communication is commonly used to obtain a wide variety of information. For example, users may obtain current or past news, entertainment content, research information, how-to information, etc. Further, the information may take a variety of forms, such as print, images, video, audio, and combinations of these. The information may be obtained using one or more service providers that provide access and/or content services. For example, the information may be obtained by a user device communicating with a content provider via one or more access providers (e.g., telecommunication networks, network gateways, etc.) and downloading the information from the content provider via the access provider. The information obtained may be available for free, or may require a payment (e.g., a paid subscription) by the user to the content provider and/or the access provider. For example, a user may need to pay for a subscription to a service provider before that service provider will provide content to the user. The user may be able to select which services the user wants from any particular service provider such that different service providers may provide different services to the same user, and the same service provider may provide different services to different users. Also or alternatively, the user may pay for access to a network, e.g., paying a hotel for access through hotel-owned access points to the Internet.
For paid subscription services, determining the authenticity of the requesting party and the authorization of that party for the requested service is paramount. One existing technique for obtaining subscribed-to services has a user establish a username and password during enrollment for services. Alternatively, the username and password may be provided, at least initially, by a service provider. The username and password are then used each time that service is desired. Another technique for obtaining subscribed-to services has a device provide the same device certificate to each service provider from which service is desired. The certificate includes information such as a device identity, a public cryptographic key (public key) associated with the device (i.e., corresponding to a private key stored by the device), and a digital signature. With the same device certificate used for every service provider (SP), the certificate lacks customizability compared with a service provider providing a custom certificate that may include service-provider-specific (SP-specific) information such as authorized (e.g., paid for) service, expiration of a user's subscription, etc. Another existing technique for obtaining subscribed-to services has a service provider server provide a custom certificate that may include SP-specific information. In this technique, a user device and a service provider server initiate communication, and a public key/private key pair is produced by the user device in association with the particular service provider. The keys may be provisioned without secure key provisioning, with the key pair stored in high-level operating system (HLOS) memory that is accessible to outside sources. Alternatively, the keys may be provisioned with secure key provisioning, with the private key stored in secure storage, requiring expensive hardware to accommodate any significant quantity of service providers.
While this technique provides for a custom certificate, the storage required for the key pairs is burdensome, leads to security concerns if the private key is not stored in secure storage, and increases costs with each distinct service provider to which the user subscribes, particularly if the private key is stored in secure storage.